CA2341821C - Hardware authentication system and method - Google Patents
Hardware authentication system and method Download PDFInfo
- Publication number
- CA2341821C CA2341821C CA002341821A CA2341821A CA2341821C CA 2341821 C CA2341821 C CA 2341821C CA 002341821 A CA002341821 A CA 002341821A CA 2341821 A CA2341821 A CA 2341821A CA 2341821 C CA2341821 C CA 2341821C
- Authority
- CA
- Canada
- Prior art keywords
- pseudo
- random number
- hardware
- authentication system
- line card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Semiconductor Integrated Circuits (AREA)
Abstract
A hardware authentication system method for equipment including at least one removable hardware component comprises a processing unit within the equipment that includes a first pseudo-random number generator responsive to at least one non-deterministic event for generating a pseudo-random number. A second pseudo-random number generator is provided on the removable hardware component. The second pseudo-random number generator is also responsive to the at least one non-deterministic event and generates a pseudo-random number. The processing unit compares the pseudo-random numbers generated by the first and second pseudo-random number generators to detect coincidence and thereby determine authenticity of the hardware component.
Description
HARDWARE AUTHENTICATION SYSTEM AND METHOD
Field of the Invention The present invention relates generally to component authentication and in particular to a hardware authentication system and method.
Background of the Invention It is common practice in many industries to design equipment including modular hardware components. This allows hardware components to be replaced or exchanged with ease without requiring overall equipment modification.
In many areas, equipment suppliers have found copying of their hardware components to be a problem. It has been found that unauthentic components sometimes do not meet the equipment suppliers' quality standards and/or do not interface properly with the equipment. Customers experiencing difficulty with unauthentic components often attribute the negative experiences to the equipment suppliers. This has led equipment manufacturers to incorporate authentication mechanisms into their equipment to inhibit unauthorized copies of hardware components from being used in their equipment.
For example, U.S. Patent No. 4,723,284 to Monk et al discloses a hardware authentication system for a public key communications network. The public key network includes at least one user terminal and at least one hardware authentication terminal coupled to the user terminal. The authentication terminal generates and stores a plain text message therein. The authentication terminal also generates from the plain text message, a cipher text message by transforming the plain text message with the public key of the user terminal and transmits the cipher text message to the user terminal. The user terminal is adapted to receive the cipher text message and transform the cipher text message with its private key to obtain a plain text message. The user terminal also transmits the plain text message back to the authentication terminal. The authentication terminal compares the plain text message received from the user terminal with the plain text message stored therein to determine coincidence. If the two plain text messages match, the authentication terminal generates an authentic user signal indicating that the user terminal is the hardware terminal associated with the public key.
Field of the Invention The present invention relates generally to component authentication and in particular to a hardware authentication system and method.
Background of the Invention It is common practice in many industries to design equipment including modular hardware components. This allows hardware components to be replaced or exchanged with ease without requiring overall equipment modification.
In many areas, equipment suppliers have found copying of their hardware components to be a problem. It has been found that unauthentic components sometimes do not meet the equipment suppliers' quality standards and/or do not interface properly with the equipment. Customers experiencing difficulty with unauthentic components often attribute the negative experiences to the equipment suppliers. This has led equipment manufacturers to incorporate authentication mechanisms into their equipment to inhibit unauthorized copies of hardware components from being used in their equipment.
For example, U.S. Patent No. 4,723,284 to Monk et al discloses a hardware authentication system for a public key communications network. The public key network includes at least one user terminal and at least one hardware authentication terminal coupled to the user terminal. The authentication terminal generates and stores a plain text message therein. The authentication terminal also generates from the plain text message, a cipher text message by transforming the plain text message with the public key of the user terminal and transmits the cipher text message to the user terminal. The user terminal is adapted to receive the cipher text message and transform the cipher text message with its private key to obtain a plain text message. The user terminal also transmits the plain text message back to the authentication terminal. The authentication terminal compares the plain text message received from the user terminal with the plain text message stored therein to determine coincidence. If the two plain text messages match, the authentication terminal generates an authentic user signal indicating that the user terminal is the hardware terminal associated with the public key.
-2-U.S. Patent No. 4,799,635 to Nakagawa discloses a system for determining the authenticity of computer software stored in a ROM cartridge when used with a main processor unit. To verify that the ROM cartridge is authentic, duplicate semiconductor devices are included in the ROM cartridge and the main processor unit. The semiconductor device associated with the ROM cartridge acts as a key device and the semiconductor device in the main processing unit acts as a lock device. The key and lock devices are synchronized and execute the same arithmetic operation according to pre-programming. The results of the executed arithmetic operations are exchanged between the semiconductor devices and compared. If the results agree, the ROM cartridge is determined to be authentic and the main processing unit is allowed to operate. If the ROM cartridge is determined to be unauthentic, the main processing unit is continuously reset inhibiting it from operating.
U.S. Patent No. 4,766,516 to Ozdemir et al discloses a security system and method for protecting an integrated circuit from unauthorized copying.
During design the integrated circuit is provided with at least one additional circuit element that does not contribute towards the function of the integrated circuit.
Rather, the additional circuit element is designed to inhibit operation of the integrated circuit when an unauthorized copy of the integrated circuit is made. The additional circuit element has the visible appearance of being functionally interconnected to the integrated circuit but actually is not. Thus, in an authentic device, the additional circuit element is isolated from the integrated circuit. However, when a copy is made, if the copier copies the integrated circuit according to its visual appearance, the additional circuit element will be physically connected to the integrated circuit and the operation of the additional circuit element will inhibit proper operation of the integrated circuit.
Although the above-identified references disclose systems and methods to deter copying, new authentication systems and methods are of course desired. It is therefore an object of the present invention to provide a novel hardware authentication system and method.
U.S. Patent No. 4,766,516 to Ozdemir et al discloses a security system and method for protecting an integrated circuit from unauthorized copying.
During design the integrated circuit is provided with at least one additional circuit element that does not contribute towards the function of the integrated circuit.
Rather, the additional circuit element is designed to inhibit operation of the integrated circuit when an unauthorized copy of the integrated circuit is made. The additional circuit element has the visible appearance of being functionally interconnected to the integrated circuit but actually is not. Thus, in an authentic device, the additional circuit element is isolated from the integrated circuit. However, when a copy is made, if the copier copies the integrated circuit according to its visual appearance, the additional circuit element will be physically connected to the integrated circuit and the operation of the additional circuit element will inhibit proper operation of the integrated circuit.
Although the above-identified references disclose systems and methods to deter copying, new authentication systems and methods are of course desired. It is therefore an object of the present invention to provide a novel hardware authentication system and method.
-3-Summary of the Invention According to one aspect of the invention there is provided a hardware authentication system for a private branch exchange including at least one removable hardware line card comprising:
a processing unit within said private branch exchange and including a first pseudo-random number generator responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card; and a second pseudo-random number generator within said removable hardware line card, said second pseudo-random number generator also being responsive to said at least one non-deterministic event and generating a pseudo-random number, said processing unit comparing the pseudo-random numbers generated by said first and second pseudo-random number generators to detect coincidence and thereby determine authenticity of said removable hardware line card.
In a preferred embodiment, the first and second pseudo-random number generators are responsive to non-deterministic and periodic events.
Each of the first and second pseudo-random number generators includes a counter that increments its count in response to non-deterministic events; a register that rotates its contents in response to periodic events; and logic coupling the counter and the register and modifying the register contents using the value of the counter prior to rotation of the contents of the register.
It is also preferred that the non-deterministic event is a busy state of a circuit of the removable hardware line card resulting due to an off hook condition of a telephone set connected to the line card circuit.
According to another aspect of the present invention there is provided a method of authenticating a removable hardware line card installed in a private branch exchange, said method comprising the steps of:
providing a first pseudo-random number generator in said private branch exchange that is responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card;
a processing unit within said private branch exchange and including a first pseudo-random number generator responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card; and a second pseudo-random number generator within said removable hardware line card, said second pseudo-random number generator also being responsive to said at least one non-deterministic event and generating a pseudo-random number, said processing unit comparing the pseudo-random numbers generated by said first and second pseudo-random number generators to detect coincidence and thereby determine authenticity of said removable hardware line card.
In a preferred embodiment, the first and second pseudo-random number generators are responsive to non-deterministic and periodic events.
Each of the first and second pseudo-random number generators includes a counter that increments its count in response to non-deterministic events; a register that rotates its contents in response to periodic events; and logic coupling the counter and the register and modifying the register contents using the value of the counter prior to rotation of the contents of the register.
It is also preferred that the non-deterministic event is a busy state of a circuit of the removable hardware line card resulting due to an off hook condition of a telephone set connected to the line card circuit.
According to another aspect of the present invention there is provided a method of authenticating a removable hardware line card installed in a private branch exchange, said method comprising the steps of:
providing a first pseudo-random number generator in said private branch exchange that is responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card;
-4-providing a second pseudo-random number generator in said removable hardware line card that is also responsive to said at least one non-deterministic event for generating a pseudo-random number; and comparing the pseudo-random numbers generated by the first and second pseudo-random number generators at intervals to detect coincidence and thereby determine authenticity of said removable hardware line card.
The present invention provides advantages in that unauthorized hardware components installed in equipment can be detected and inhibited from operating properly when used in the equipment. Since the first and second pseudo-random number generators generate pseudo-random numbers in response to variable events that occur within the equipment, the pseudo-random numbers generated by the pseudo-random number generators are difficult to predict making it extremely difficult for unauthentic hardware components to subvert the authentication system.
Since authentic components are compatible with the equipment, quality standards and component compatibility can be ensured.
Brief Description of the Drawings An embodiment of the present invention will now be described more fully with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of equipment incorporating a hardware authentication system in accordance with the present invention; and Figure 2 is a schematic diagram of a pseudo-random number generator incorporated within a replaceable hardware component and forming part of the hardware authentication system of Figure 1.
Detailed Description of the Preferred Embodiment The present invention relates to a hardware authentication system and method to determine the authenticity of a replaceable hardware component installed within equipment. In the preferred embodiment, the replaceable hardware component includes a pseudo-random number generator that is responsive to non-deterministic and periodic events and generates pseudo-random numbers. A processing unit in the equipment executes a software version of the same pseudo-random number generator - S -and compares the numbers it generates with the pseudo-random numbers generated by the pseudo-random number generator in the hardware component, at selected intervals. If the numbers match, the hardware component is considered to be authentic. If the numbers do not match, the hardware component is considered to be unauthentic and its operation within the equipment is inhibited. A preferred embodiment of the present invention will now be described with reference to Figures 1 and 2.
Turning now to Figure 1, equipment 10 including a replaceable hardware component 12 is shown. The hardware component 12 is releasably connected to the equipment 10 to facilitate replacement. The equipment 10 has a processing unit 14 executing an authentication program 15 including a software-based pseudo-random number generator 16. The replaceable hardware component 12 also includes a pseudo-random number generator 20. The authentication program 15 and the pseudo-random number generator 20 constitute a hardware authentication system designed to determine the authenticity of the hardware component 12 installed in the equipment 10.
As can be seen in Figure 2, the pseudo-random number generator 20 includes an 8-bit counter 22 having a plurality of parallel output pins Qo to Q~, a clock pin CLK and a reset pin R. The clock pin CLK receives input in response to the occurrence of a non-deterministic event. The output pins of the counter 22 are coupled to an array of XOR gates 28. 'the output pins of the XOR gates 28 lead to respective input pins Do to D~ of an 8-bit register 30. The register 30 also includes a plurality of output pins Qo to Q~, a clock pin CLK and a reset pin R. The pseudo-random number generated by the pseudo-random number generator 20 is held by the register 30 and can be read via its output pins Qo to Q~. Each output pin of the register 30 is also coupled to an input pin of a respective XOR gate 28. The clock pin CLK receives input at periodic intervals.
Preferably, the counter 22, the register 30, the XOR gates 28 and the address decoding for the clock pins of the counter and register are contained within a single physical device, such as for example an ASIC or programmable logic device.
In this way, generation of pseudo-random numbers by the pseudo-random number generator 20 cannot be easily observed or derived.
Similar to pseudo-random number generator 20, software pseudo-random number generator 16 includes a software counter, a software register and software logic for performing XOR operations on the software register contents using the count values output by the software counter. The pseudo-random number generator 20 is also responsive to the non-deterministic and periodic events.
In the preferred embodiment, the removable hardware component 12 is a twelve (12) circuit line card for a private branch exchange (PBX) 10. The non-deterministic event used to increment the counter 22 is any one of the line card circuits entering the busy state. This non-deterministic event occurs whenever a telephone set connected to a line card circuit enters an off hook state.
The periodic input used to rotate the register is generated by the authentication program 15 every hour. The hardware component authentication process will now be described with particular reference to Figure 2.
Initially the counter 22 and register 30 as well as the software counter and register are reset by the authentication program 15. During normal operation, whenever a telephone set connected to one of the line card circuits enters an off hook state, an input signal is applied to the clock pin CLK of the counter 22 causing the counter to increment its count value. The incremented count value output by the counter 22 is conveyed to the XOR gates 28, which also receive the register contents.
The outputs of the XOR gates 28 are applied to the input pins Do to D~ of the register thereby to modify the register contents. Every hour, the authentication program 15 generates a signal that is applied to the clock pin CLK of register 30 causing the register to rotate the value therein by one bit position.
The software pseudo-random number generator 16 executed by the 25 processing unit 14 is also responsive to the non-deterministic and periodic events and generates the same pseudo-random numbers.
Each hour after the register contents have been rotated, the authentication program 15 executed by the processing unit 14 reads the contents of the register 30 and the software register and compares the pseudo-random numbers.
30 If the numbers match, the line card 12 is considered to be authentic and operation of the line card 12 within the PBX 10 continues. If however the numbers do not match, the authentication program 15 generates a flag causing the processing unit 14 to inhibit further operation of the line card 12 within the PBX 10.
As will be appreciated, the hardware authentication system periodically checks the authenticity of replaceable hardware components within the equipment and inhibits an unauthentic hardware component from being used.
Since the pseudo-random numbers generated by the software pseudo-random number generator and the hardware pseudo-random number generator are based on non-deterministic events, generation of the pseudo-random numbers cannot be easily observed or derived.
Although the pseudo-random number generator 20 shows all of the bits of the counter 22 and register 30 being XORed, the XORing operation can be performed only on selected bits if desired. Also, although the contents of the register 30 are described as being rotated by one bit on each periodic signal, the register contents can of course be rotated by more than one bit position on each periodic 1 S signal or not at all. Alternatively, more than one periodic signal may be required in order to rotate the register contents by one bit. In this case, additional logic is required to rotate the register contents every nth periodic signal.
Furthermore, if desired the counter 22 and/or register 30 can be preset with values at the time the pseudo-random number generator 20 in the hardware component 12 is initialized.
The values can be preset or can be read from a variable source such as for example a real time clock. Also, if desired, the length of the counter 22 and register 30 can be increased or decreased. If the pseudo-random number generator 20 is modified in one or more of the above described manners, those of skill in the art will recognize that the software-based pseudo-random number generator 16 is of course modified in the same manner.
Although the hardware pseudo-random number generator is described as including a binary counter, a register and an array of XOR gates, the counter, register and XOR functions may be embodied in a microprocessor having appropriate firmware.
As will be appreciated, since authentic hardware components are compatible with the equipment, replaceable component integrity and quality standards can be maintained at the desired level.
g Although a preferred embodiment of the present invention has been described, those of skill in the art will appreciate that variations and modifications may be made without departing from the spirit and scope thereof as defined by the appended claims.
The present invention provides advantages in that unauthorized hardware components installed in equipment can be detected and inhibited from operating properly when used in the equipment. Since the first and second pseudo-random number generators generate pseudo-random numbers in response to variable events that occur within the equipment, the pseudo-random numbers generated by the pseudo-random number generators are difficult to predict making it extremely difficult for unauthentic hardware components to subvert the authentication system.
Since authentic components are compatible with the equipment, quality standards and component compatibility can be ensured.
Brief Description of the Drawings An embodiment of the present invention will now be described more fully with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of equipment incorporating a hardware authentication system in accordance with the present invention; and Figure 2 is a schematic diagram of a pseudo-random number generator incorporated within a replaceable hardware component and forming part of the hardware authentication system of Figure 1.
Detailed Description of the Preferred Embodiment The present invention relates to a hardware authentication system and method to determine the authenticity of a replaceable hardware component installed within equipment. In the preferred embodiment, the replaceable hardware component includes a pseudo-random number generator that is responsive to non-deterministic and periodic events and generates pseudo-random numbers. A processing unit in the equipment executes a software version of the same pseudo-random number generator - S -and compares the numbers it generates with the pseudo-random numbers generated by the pseudo-random number generator in the hardware component, at selected intervals. If the numbers match, the hardware component is considered to be authentic. If the numbers do not match, the hardware component is considered to be unauthentic and its operation within the equipment is inhibited. A preferred embodiment of the present invention will now be described with reference to Figures 1 and 2.
Turning now to Figure 1, equipment 10 including a replaceable hardware component 12 is shown. The hardware component 12 is releasably connected to the equipment 10 to facilitate replacement. The equipment 10 has a processing unit 14 executing an authentication program 15 including a software-based pseudo-random number generator 16. The replaceable hardware component 12 also includes a pseudo-random number generator 20. The authentication program 15 and the pseudo-random number generator 20 constitute a hardware authentication system designed to determine the authenticity of the hardware component 12 installed in the equipment 10.
As can be seen in Figure 2, the pseudo-random number generator 20 includes an 8-bit counter 22 having a plurality of parallel output pins Qo to Q~, a clock pin CLK and a reset pin R. The clock pin CLK receives input in response to the occurrence of a non-deterministic event. The output pins of the counter 22 are coupled to an array of XOR gates 28. 'the output pins of the XOR gates 28 lead to respective input pins Do to D~ of an 8-bit register 30. The register 30 also includes a plurality of output pins Qo to Q~, a clock pin CLK and a reset pin R. The pseudo-random number generated by the pseudo-random number generator 20 is held by the register 30 and can be read via its output pins Qo to Q~. Each output pin of the register 30 is also coupled to an input pin of a respective XOR gate 28. The clock pin CLK receives input at periodic intervals.
Preferably, the counter 22, the register 30, the XOR gates 28 and the address decoding for the clock pins of the counter and register are contained within a single physical device, such as for example an ASIC or programmable logic device.
In this way, generation of pseudo-random numbers by the pseudo-random number generator 20 cannot be easily observed or derived.
Similar to pseudo-random number generator 20, software pseudo-random number generator 16 includes a software counter, a software register and software logic for performing XOR operations on the software register contents using the count values output by the software counter. The pseudo-random number generator 20 is also responsive to the non-deterministic and periodic events.
In the preferred embodiment, the removable hardware component 12 is a twelve (12) circuit line card for a private branch exchange (PBX) 10. The non-deterministic event used to increment the counter 22 is any one of the line card circuits entering the busy state. This non-deterministic event occurs whenever a telephone set connected to a line card circuit enters an off hook state.
The periodic input used to rotate the register is generated by the authentication program 15 every hour. The hardware component authentication process will now be described with particular reference to Figure 2.
Initially the counter 22 and register 30 as well as the software counter and register are reset by the authentication program 15. During normal operation, whenever a telephone set connected to one of the line card circuits enters an off hook state, an input signal is applied to the clock pin CLK of the counter 22 causing the counter to increment its count value. The incremented count value output by the counter 22 is conveyed to the XOR gates 28, which also receive the register contents.
The outputs of the XOR gates 28 are applied to the input pins Do to D~ of the register thereby to modify the register contents. Every hour, the authentication program 15 generates a signal that is applied to the clock pin CLK of register 30 causing the register to rotate the value therein by one bit position.
The software pseudo-random number generator 16 executed by the 25 processing unit 14 is also responsive to the non-deterministic and periodic events and generates the same pseudo-random numbers.
Each hour after the register contents have been rotated, the authentication program 15 executed by the processing unit 14 reads the contents of the register 30 and the software register and compares the pseudo-random numbers.
30 If the numbers match, the line card 12 is considered to be authentic and operation of the line card 12 within the PBX 10 continues. If however the numbers do not match, the authentication program 15 generates a flag causing the processing unit 14 to inhibit further operation of the line card 12 within the PBX 10.
As will be appreciated, the hardware authentication system periodically checks the authenticity of replaceable hardware components within the equipment and inhibits an unauthentic hardware component from being used.
Since the pseudo-random numbers generated by the software pseudo-random number generator and the hardware pseudo-random number generator are based on non-deterministic events, generation of the pseudo-random numbers cannot be easily observed or derived.
Although the pseudo-random number generator 20 shows all of the bits of the counter 22 and register 30 being XORed, the XORing operation can be performed only on selected bits if desired. Also, although the contents of the register 30 are described as being rotated by one bit on each periodic signal, the register contents can of course be rotated by more than one bit position on each periodic 1 S signal or not at all. Alternatively, more than one periodic signal may be required in order to rotate the register contents by one bit. In this case, additional logic is required to rotate the register contents every nth periodic signal.
Furthermore, if desired the counter 22 and/or register 30 can be preset with values at the time the pseudo-random number generator 20 in the hardware component 12 is initialized.
The values can be preset or can be read from a variable source such as for example a real time clock. Also, if desired, the length of the counter 22 and register 30 can be increased or decreased. If the pseudo-random number generator 20 is modified in one or more of the above described manners, those of skill in the art will recognize that the software-based pseudo-random number generator 16 is of course modified in the same manner.
Although the hardware pseudo-random number generator is described as including a binary counter, a register and an array of XOR gates, the counter, register and XOR functions may be embodied in a microprocessor having appropriate firmware.
As will be appreciated, since authentic hardware components are compatible with the equipment, replaceable component integrity and quality standards can be maintained at the desired level.
g Although a preferred embodiment of the present invention has been described, those of skill in the art will appreciate that variations and modifications may be made without departing from the spirit and scope thereof as defined by the appended claims.
Claims (14)
1. A hardware authentication system for a private branch exchange including at least one removable hardware line card comprising:
a processing unit within said private branch exchange and including a first pseudo-random number generator responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card; and a second pseudo-random number generator within said removable hardware line card, said second pseudo-random number generator also being responsive to said at least one non-deterministic event and generating a pseudo-random number, said processing unit comparing the pseudo-random numbers generated by said first and second pseudo-random number generators to detect coincidence and thereby determine authenticity of said removable hardware line card.
a processing unit within said private branch exchange and including a first pseudo-random number generator responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card; and a second pseudo-random number generator within said removable hardware line card, said second pseudo-random number generator also being responsive to said at least one non-deterministic event and generating a pseudo-random number, said processing unit comparing the pseudo-random numbers generated by said first and second pseudo-random number generators to detect coincidence and thereby determine authenticity of said removable hardware line card.
2. The hardware authentication system as defined in claim 1 wherein said first and second pseudo-random number generators are responsive to non-deterministic and periodic events.
3. The hardware authentication system as defined in claim 1 or 2 wherein said at least one non-deterministic event is a busy state of a circuit of said removable hardware line card resulting due to an off-hook condition of a telephone set connected to said line card circuit.
4. The hardware authentication system as defined in any one of claims 1 to 3, wherein each of said first and second pseudo-random number generators includes:
a counter incrementing its count value in response to non-deterministic events;
a register rotating its contents in response to periodic events; and logic coupling the counter and the register, said logic receiving the count value output by said counter and modifying said register contents using the value of said counter, the value held by said register constituting said pseudo-random number.
a counter incrementing its count value in response to non-deterministic events;
a register rotating its contents in response to periodic events; and logic coupling the counter and the register, said logic receiving the count value output by said counter and modifying said register contents using the value of said counter, the value held by said register constituting said pseudo-random number.
5. The hardware authentication system as defined in claim 4 wherein said logic performs an XOR operation on the register value using the value of said counter.
6. The hardware authentication system as defined in claim 5 wherein the XOR operation is performed on each bit of the register value.
7. The hardware authentication system as defined in claim 5 wherein the XOR operation is performed on selected bits of the register value.
8. The hardware authentication system as defined in any one of claims 4 to 7 wherein said first pseudo-random number generator is realized by software executed by said processing unit and wherein said second pseudo-random number generator is realized in a single physical device within said removable hardware line card.
9. The hardware authentication system as defined in claim 8 wherein said single physical device is an ASIC or a programmable logic device.
10. The hardware authentication system as defined in any one of claims 4 to 9 wherein said processing unit compares the pseudo-random numbers at periodic intervals.
11. The hardware authentication system as defined in claim 10 wherein said processing unit compares the pseudo-random numbers following each periodic event.
12. A method of authenticating a removable hardware line card installed in a private branch exchange, said method comprising the steps of:
providing a first pseudo-random number generator in said private branch exchange that is responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card;
providing a second pseudo-random number generator in said removeable hardware line card that is also responsive to said at least one non-deterministic event for generating a pseudo-random number; and comparing the pseudo-random numbers generated by the first and second pseudo-random number generators at intervals to detect coincidence and thereby determine authenticity of said removable hardware line card.
providing a first pseudo-random number generator in said private branch exchange that is responsive to at least one non-deterministic event for generating a pseudo-random number, said at least one non-deterministic event being an operating state of said removable hardware line card;
providing a second pseudo-random number generator in said removeable hardware line card that is also responsive to said at least one non-deterministic event for generating a pseudo-random number; and comparing the pseudo-random numbers generated by the first and second pseudo-random number generators at intervals to detect coincidence and thereby determine authenticity of said removable hardware line card.
13. The method of claim 12 wherein generation of each pseudo-random number includes the steps of:
incrementing a count value in response to non-deterministic events;
rotating a register value constituting the pseudo-random number in response to periodic events; and modifying the register value using the count value prior to rotation of the register value.
incrementing a count value in response to non-deterministic events;
rotating a register value constituting the pseudo-random number in response to periodic events; and modifying the register value using the count value prior to rotation of the register value.
14. The method of claim 13 wherein the modifying step includes the step of XORing the register value using the count value.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0009618A GB2361567B (en) | 2000-04-18 | 2000-04-18 | Hardware authentication system and method |
| GB0009618.0 | 2000-04-18 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2341821A1 CA2341821A1 (en) | 2001-10-18 |
| CA2341821C true CA2341821C (en) | 2004-06-22 |
Family
ID=9890197
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002341821A Expired - Fee Related CA2341821C (en) | 2000-04-18 | 2001-03-22 | Hardware authentication system and method |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US6931533B2 (en) |
| CA (1) | CA2341821C (en) |
| GB (1) | GB2361567B (en) |
Families Citing this family (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7058811B2 (en) * | 2001-10-31 | 2006-06-06 | Intel Corporation | Apparatus and method to prevent a device driver from loading on a counterfeit hardware element |
| US6871206B2 (en) * | 2001-11-20 | 2005-03-22 | Ip-First, Llc | Continuous multi-buffering random number generator |
| US7219112B2 (en) * | 2001-11-20 | 2007-05-15 | Ip-First, Llc | Microprocessor with instruction translator for translating an instruction for storing random data bytes |
| US7149764B2 (en) | 2002-11-21 | 2006-12-12 | Ip-First, Llc | Random number generator bit string filter |
| US7136991B2 (en) * | 2001-11-20 | 2006-11-14 | Henry G Glenn | Microprocessor including random number generator supporting operating system-independent multitasking operation |
| US7139785B2 (en) * | 2003-02-11 | 2006-11-21 | Ip-First, Llc | Apparatus and method for reducing sequential bit correlation in a random number generator |
| US7097107B1 (en) | 2003-04-09 | 2006-08-29 | Mobile-Mind, Inc. | Pseudo-random number sequence file for an integrated circuit card |
| US8183980B2 (en) * | 2005-08-31 | 2012-05-22 | Assa Abloy Ab | Device authentication using a unidirectional protocol |
| US7415732B2 (en) * | 2005-09-22 | 2008-08-19 | Intel Corporation | Mechanism to prevent counterfeiting in a hardware device |
| US20090037217A1 (en) * | 2007-07-19 | 2009-02-05 | Bilcare Limited | Multi-functional package system |
| US8358783B2 (en) | 2008-08-11 | 2013-01-22 | Assa Abloy Ab | Secure wiegand communications |
| US20110145934A1 (en) * | 2009-10-13 | 2011-06-16 | Miron Abramovici | Autonomous distributed programmable logic for monitoring and securing electronic systems |
| BRPI1103480A2 (en) * | 2011-07-25 | 2014-06-17 | Jorni Santana Da Silveira | METHOD AND EQUIPMENT FOR CUSTOMER COMPUTER SAFETY INSULATION |
| US9948614B1 (en) * | 2013-05-23 | 2018-04-17 | Rockwell Collins, Inc. | Remote device initialization using asymmetric cryptography |
| CN107534551B (en) * | 2015-07-30 | 2021-02-09 | 慧与发展有限责任合伙企业 | Method, computing device and computer readable medium for providing encrypted data |
| US10452877B2 (en) | 2016-12-16 | 2019-10-22 | Assa Abloy Ab | Methods to combine and auto-configure wiegand and RS485 |
| US11296869B2 (en) * | 2018-11-08 | 2022-04-05 | Daniel Eugene Hale | Apparatus and method for unbreakable data encryption |
| JP7253470B2 (en) * | 2019-07-31 | 2023-04-06 | 株式会社デンソーテン | Information processing equipment |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4206920A (en) * | 1977-11-04 | 1980-06-10 | Toll Karl D | Multiple digit electronic game |
| US4723284A (en) * | 1983-02-14 | 1988-02-02 | Prime Computer, Inc. | Authentication system |
| US4885778A (en) * | 1984-11-30 | 1989-12-05 | Weiss Kenneth P | Method and apparatus for synchronizing generation of separate, free running, time dependent equipment |
| CA1270339A (en) * | 1985-06-24 | 1990-06-12 | Katsuya Nakagawa | System for determining a truth of software in an information processing apparatus |
| US4766516A (en) * | 1987-09-24 | 1988-08-23 | Hughes Aircraft Company | Method and apparatus for securing integrated circuits from unauthorized copying and use |
| KR0149503B1 (en) * | 1989-04-20 | 1999-05-15 | 야마우찌 히로시 | Memory cartridge |
| GB9218439D0 (en) * | 1992-08-29 | 1992-10-14 | Pilkington Micro Electronics | Electrinic identification system with anti-tampering protection |
| US5325201A (en) * | 1992-12-28 | 1994-06-28 | Sony Electronics Inc. | Pseudo-random number generator based on a video control counter |
| US5363448A (en) | 1993-06-30 | 1994-11-08 | United Technologies Automotive, Inc. | Pseudorandom number generation and cryptographic authentication |
| US5461217A (en) | 1994-02-08 | 1995-10-24 | At&T Ipm Corp. | Secure money transfer techniques using smart cards |
| US5935002A (en) * | 1995-03-10 | 1999-08-10 | Sal Falciglia, Sr. Falciglia Enterprises | Computer-based system and method for playing a bingo-like game |
| US5643086A (en) * | 1995-06-29 | 1997-07-01 | Silicon Gaming, Inc. | Electronic casino gaming apparatus with improved play capacity, authentication and security |
| GB9526235D0 (en) * | 1995-12-21 | 1996-02-21 | British Tech Group | An electronic anti-theft method and related apparatus |
| US5881226A (en) | 1996-10-28 | 1999-03-09 | Veneklase; Brian J. | Computer security system |
| US6134684A (en) * | 1998-02-25 | 2000-10-17 | International Business Machines Corporation | Method and system for error detection in test units utilizing pseudo-random data |
-
2000
- 2000-04-18 GB GB0009618A patent/GB2361567B/en not_active Expired - Fee Related
-
2001
- 2001-03-22 CA CA002341821A patent/CA2341821C/en not_active Expired - Fee Related
- 2001-04-04 US US09/826,554 patent/US6931533B2/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| US6931533B2 (en) | 2005-08-16 |
| GB0009618D0 (en) | 2000-06-07 |
| GB2361567B (en) | 2004-02-11 |
| GB2361567A (en) | 2001-10-24 |
| CA2341821A1 (en) | 2001-10-18 |
| US20010056534A1 (en) | 2001-12-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2341821C (en) | Hardware authentication system and method | |
| JP6616471B2 (en) | Stochastic processing | |
| EP0422757B1 (en) | Public/key date-time notary facility | |
| CA2337306C (en) | Method and apparatus for symmetric-key encryption | |
| US7818741B1 (en) | Method and system to monitor installation of a software program | |
| EP0653695A2 (en) | Software pay per use system | |
| US20050160049A1 (en) | Method and arrangement for protecting software | |
| EP0484603A1 (en) | Non-repudiation in computer networks | |
| JP2006107274A (en) | Hash function operation system, encryption system and unauthorized analysis/tampering prevention system | |
| KR20050022623A (en) | Interdependent parallel processing hardware cryptographic engine providing for enhanced self fault-detecting and hardware encryption processing method thereof | |
| JP4559623B2 (en) | Security device, key device, program protection system, and method | |
| US20230048583A1 (en) | Electronic drawing system and method | |
| Molcut et al. | Cybersecurity for embedded systems: a review | |
| US7024554B1 (en) | Systems and methods that authorize target devices utilizing proprietary software and/or hardware | |
| CA2278754A1 (en) | A method of using transient faults to verify the security of a cryptosystem | |
| US20160380766A1 (en) | Encryption system with a generator of one-time keys and a method for generating one time-keys | |
| JP3834773B2 (en) | How to recover machine number data error of image forming device | |
| Halliden | Network security issues | |
| Zeller et al. | Random Number Generator Designs | |
| CN118445862A (en) | LED display screen module operation control method and system | |
| JP2000322322A (en) | Program protection system and security chip | |
| CN113424489A (en) | Method for operating a key stream generator operating in counter mode for the secure transmission of data, key stream generator operating in counter mode with data for the secure transmission and computer program product for generating a key stream | |
| JP2002519723A (en) | Techniques for generating privately authenticable cryptographic signatures and using such signatures in connection with product reproduction | |
| Enterprise | (Version HW: 2731_G1 issue 3 FW: 1.3) 011126 FIPS 140-2 Security Policy | |
| Encryptor | CLE: NRZ-H, NRZ-L, E1, T1, RS232 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed | ||
| MKLA | Lapsed |
Effective date: 20110322 |